“We have no situational awareness, it’s very limited,” says Alexander Thursday during a speech in Washington sponsored by the Center for Strategic and International Studies (CSIS) and AT&T. “Often times, our situational awareness is indeed forensics, which means something has happened. We are now responding to that and we are saying, ‘Okay, something got through.’”

Alexander says DoD is basically policing their networks after the fact instead of mitigating threats or attacks in real time.

“We need real time situational awareness in our networks to see where something bad is happening and take action there at that time,” he says. “That is both a coordination issue amongst the services and agencies, and a situational awareness issue. We do not have common operational picture for our networks. We need to get there. We need to build that.”

One way DoD is trying to get there is by merging the staffs of the Joint Functional Component Command for Network Warfare and the Joint Task Force Global Network Operations (JTF-GNO) into a single operations center. Under this new office, the command is overseeing the command and control of all military networks at Ft. Meade, Md.

He compares the need for cyberspace situational awareness to what troops need on the battlefield: understanding where the adversary is going, where leading forces are going and performing reconnaissance.

“We must share indications and warning and threat data at Net speed among and between the various operating domains,” he says. “We must synchronize command and control of integrated defensive and offensive capabilities also at Net speed.”

Just as important, however, is the protection of privacy and civil liberties, Alexander says.

Several times during his speech he referred back to DoD’s focus on these issues.

Congressional concerns over privacy and civil liberties held up the creation of the Cyber Command and Alexander’s eventual confirmation as its commander.

“It isn’t entirely well understood what the roles are and responsibilities of DoD’s Cyber Command will be and how they correlate with the National Security Agency,” says Alan Raul, a partner with Sidley Austin and the former vice chairman of the Privacy and Civil Liberties Oversight Board. “The concerns really relate to the operation of this DoD entity with regard to U.S. domestic activities.”

Raul adds DoD does take these privacy and civil liberties issues seriously, but some clarity in how they are addressing them would put more people at ease.

Alexander says much of how they approach privacy and civil liberty issues is classified.

“The way we have set up the oversight on that is by having a set of oversight mechanisms by all branches of the government: government, the court system and Congress, all need to play a part in that and know that the actions we are taking comport with the laws and protect civil liberties and privacy of our people,” he says. “The hard part is we can’t tell people what we did because we give up a capability that may be extremely useful in protecting our country and our allies. That is the two things we balance.”

He adds that he spends a lot of time with the Foreign Intelligence Surveillance Court, members of Congress and others in the administration explaining what they are doing, where there are issues, where there needs to be change and what DoD can and cannot do.

Raul says that is why it’s important for the Justice Department, the White House and lawmakers to make it clear to the public that they have reviewed what DoD is doing and are comfortable that all protections are working.

He adds that the Privacy and Civil Liberties Oversight Board, which has been dormant since January 2008, also would play a key role in reassuring the public.

“The board was intended to be an important component in the process of considering privacy and civil liberties issues,” Raul says. “We were cleared to access relevant information and I would certainly assume that when, and if, the White House reinvigorates the board, the members would be given the necessary access.”

An e-mail to the White House requesting comment on the status of the board was not immediately returned.

Alexander says DoD also must deal with a new kind of attack against its networks. In the past, hackers, organized crime or even nation states focused on stealing data or denial-of-service attacks. But he says the military is starting to see threats from remote sabotage.

For the past decade, agencies have faced denial-of-service attacks such as the Melissa virus or the I Love You worm. And other countries saw similar DoS attacks during the conflicts in Estonia and Georgia. Alexander says the difference is that in DoS attacks, the systems are not permanently crippled.

“The potential for sabotage and destruction is now possible and it’s something we must treat very seriously,” he says.

An example of a remote sabotage attack was the Homeland Security Department’s Aurora experiment in 2007. DHS showed that a cyber criminal could hack into the control systems of an electrical power plant and damage the turbine, thus cutting off electricity to a city or community.

Alexander says to defend against these types of attacks DoD must partner with and work collaboratively with other agencies and the private sector.

“More and more military and national infrastructure networks are intertwined, including the Internet and telecommunications infrastructure,” he says. “We face a dangerous combination of known and unknown vulnerabilities, strong adversary capabilities and weak situational awareness.”
